ITBusiness.ca

Hashtag Trending Jun.7-Google’s Gmail allows scammers to pose as legitimate emails; Homeland Security turns to social media to find suspected terrorists and drug smugglers; British Airways, BBC, Boots impacted by data breach

Google’s Gmail allows scammers to pose as legitimate emails, Homeland security is looking into social media accounts to find suspected terrorists and drug smugglers, and a popular, and presumed safe file sharing utility leads to a huge supply chain hack and theft of data.

 

These and more top tech news stories from Hashtag Trending and Tech News Day. I’m your host Jim Love, CIO of IT World Canada and Tech News Day in the US.

Google’s Gmail, with its 1.8 billion users, is facing a significant security issue. The recently introduced blue checkmark sender verification system, designed to help users identify legitimate emails, is being exploited by scammers. Cybersecurity engineer Chris Plummer discovered that scammers have found a way to trick Gmail into believing their fake brands are legitimate, thereby using the checkmark system to gain users’ trust.

Google initially dismissed Plummer’s discovery as “intended behaviour” but later acknowledged the error after his tweets about the issue went viral. The tech giant has now listed the flaw as a top priority fix, which is currently in progress. However, until the issue is resolved, the Gmail checkmark verification system remains compromised and is being used by hackers and spammers to deceive users.

Google’s press team has provided further details about the Gmail verification hack, explaining that the issue stems from a third-party security vulnerability allowing bad actors to appear more trustworthy than they are. Google is requiring senders to use the more robust DomainKeys Identified Mail (DKIM) authentication standard to qualify for Brand Indicators for Message Identification (blue checkmark) status. A fix for the issue is expected to be fully rolled out by the end of the week.

Sources include: Forbes

The Department of Homeland Security (DHS) has been working on a project called “Night Fury” since 2018, in collaboration with the University of Alabama at Birmingham (UAB). The project aims to assign “risk scores” to potential pro-terrorist accounts on social media, as well as identify information related to the illegal opioid supply chain and disinformation efforts. 

The DHS has contracted UAB to develop methods for ranking these accounts and automating the identification process. This initiative is part of the DHS’s ongoing focus on analyzing social media for various purposes. The project plans to extend beyond mainstream social media networks like Facebook and Twitter to other communities. 

One of the tasks includes creating a “Facebook Group Expander” to identify potential pro-terrorist social media accounts and Facebook Groups where these groups interact. UAB is expected to provide DHS with lists of these accounts and related posts regularly. 

The project also aims to develop methods to identify a location without GPS metadata and track threats in real-time, such as during a live event like a hurricane. 

However, this project has raised concerns about potential bias and the impact on certain communities. Critics argue that the automated judgment of these matters is both impossible and likely to be infected with bias. 

Sources include: Vice

British Airways, the BBC, and UK pharmacy chain Boots have been affected by a data breach due to a critical vulnerability in the MOVEit document-transfer app. The data was reportedly stolen by the Clop ransomware group, according to Microsoft. 

The companies were not directly attacked. Instead, the breach occurred through payroll services provider Zellis, whose MOVEit installation was exploited. Zellis, the largest payroll and human resources provider in the UK, has clients including the BBC, Sky, Harrods, Jaguar, Land Rover, Dyson, and Credit Suisse. 

The vulnerability was identified last Thursday, and researchers warned that criminals had been exploiting it for at least a month to infiltrate IT environments and steal data. The bug, now tracked as CVE-2023-34362, was patched by the app’s developer, Progress, on Friday. 

The BBC stated that stolen data included valuable personal information such as staff ID numbers, dates of birth, home addresses and national insurance numbers. 

British Airways, which has about 35,000 employees confirmed that it was one of the victims in what appears to be another significant supply chain attack. The company has notified colleagues whose personal information has been compromised to provide support and advice. 

Both British Airways and Zellis reported the intrusion to the UK Information Commissioner’s Office (ICO), and Zellis also notified the privacy watchdog’s counterpart in Ireland and British cyber-police.

Sources include: The Register

Volunteer moderators at Stack Overflow, a popular forum for software developers, have gone on strike over the company’s new AI content policy. The policy allows all GPT-generated content on the site and demands an immediate halt to suspensions over AI content. The moderators are concerned about the potential harm this could cause, given the frequent inaccuracies of chatbot information.

The moderators, who are all volunteers elected by the community, have written an open letter expressing their concerns. They argue that the policy allows the proliferation of incorrect information and plagiarism on the Stack Exchange network, posing a significant threat to the platform’s integrity and trustworthiness.

The new policy, enacted in late May, requires moderators to stop moderating AI-generated content simply for being AI-generated. The moderators argue that without proper moderation of AI-generated content, the quality and accuracy of Stack Exchange’s information will quickly decline.

The moderators are also upset about the lack of transparency surrounding the policy. They claim that a new policy was implemented in private in May, requiring an immediate cessation of issuing suspensions for AI-generated content. The following day, a slightly different version of the policy was released to the public, without the language requiring moderators to stop restricting all AI content.

The moderators are demanding the retraction and revision of the AI policy, resolution and apology for the inconsistency between the public and private versions of the policy, and for the company to be honest about its relationship with the community.

Sources include: Vice

Frequent listeners will remember that we did a story a while back where we announced that Siri was using generative AI solutions to tell jokes.  Well, in another surprising AI announcement, iOS17 will no longer automatically change one of the most common swear words to ‘ducking’ in its autocorrect feature. This change, which has been a source of frustration for users, will be made possible through the use of a transformer model, an AI model that learns context by tracking relationships in data.

The announcement was made by software boss Craig Federighi at Apple’s developers’ conference in California. The autocorrect change will be part of the iOS 17 operating system upgrades, expected to be available as a public beta in July, with the general release in September. This should also mean that iPadOS 17 will carry the new function.

So watch for it, when the new version of iOS17 will get the duck outta here.

Sources include: BBC News

Hashtag Trending and Tech News Day bring you the top tech news stories five days a week. Hashtag Trending is available on Apple, Google, Spotify or wherever you get your podcasts. Tech News Day is a video cast on YouTube that also has a daily edition. 

We have a special weekend interview version where we bring in a guest to talk about tech issues in the news. It’s called Hashtag Trending, the Weekend Edition an audio podcast which goes to air on Saturday morning for your weekend listening. 

And this weekend and for the summer, we’ll be featuring a Sunday interview podcast called Leadership in the Digital Era which will feature some in depth interviews with leaders of companies or organizations and their personal stories.

We love your comments. Don’t be shy.  You can find me on Linked In, Twitter, I’m also on Mastodon as @therealjimlove on our server technews.social

Or if that’s too much to remember, just go to the article at itworldcanada.com/podcasts and you’ll find a text version of this article with additional links and references.  Click on the x or check under the article and hit me with your best shot…or you can say something nice. We read it all and use it to try to serve you better.

Have Wonderful Wednesday!  Time for us to get the duck outta here.

Exit mobile version